On Fri, Jan 27, 2012 at 3:13 PM, "Paweł Hajdan, Jr." <phajdan...@gentoo.org> wrote: > On 1/27/12 8:45 PM, Fabian Groffen wrote: >> Just implement it in a way that people can opt-in/opt-out on it. > > We already have an opt-in (hardened profile), and of course it can be > implemented in a way which allows opt-out (I even mentioned that). > > The main point is changing the default.
Well, probably wouldn't hurt to split this out of hardened into something intermediate first. You won't get much testing in hardened on many packages. I agree that changing the default is the long-term solution. Default off to start but have it available on mainstream profiles. Encourage people to use it. Then make it the default but let people opt-out. Then maybe in the long-term future de-support the opt-out if it seems prudent. However, the hardened experience will no doubt help us. Rich
